download free Certified Ethical Hacker v10

1
Ethical Hacking

2
AGENDA

• What is Ethical Hacking?
• Who are ethical hackers?
• Every Website-A Target
• Why- Ethical Hacking?
• Ethical Hacking- Process
• Being Prepared
• Planning
• Kinds of Testing
• Foot printing
• Enumeration fingerprinting
• Identification of vulnerabilities
• Attack-exploit the vulnerabilities
• Final Report
• Ethical Hacking - Commandments

3
Ethical Hacking

• Ethical hacking also known as penetration
  testing or white-hat hacking
• It involves the same tools, tricks, and
  techniques that hackers use, but with major
  differences
• Ethical hacking is legal. Ethical hacking is
  performed with the targets permission. The
  intent of ethical hacking is to discover
  vulnerabilities from a hackers viewpoint so
  systems can be better secured.
• Its part of an overall information risk
  management program that allows for ongoing
  security improvements.
• Ethical hacking can also ensure that vendors
  claims about the security of their products are
  legitimate.

4
Ethical Hackers but not Criminal Hackers

• Completely trustworthy.
• Strong programming and computer networking
  skills.
• Learn about the system and trying to find its
  weaknesses.
• Techniques of ethical hackers-Detection-Prevention
  .

5
Why Ethical Hacking?

• Protection from possible External Attacks

6
Why Ethical Hacking?
7
Ethical Hacking - Process

• Preparation
• Planning
• Footprinting
• Enumeration Fingerprinting
• Identification of Vulnerabilities
• Attack Exploit the Vulnerabilities

8
Preparation

• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder's
  attempts or successes?
• 1. What are you trying to protect?
• Who are you trying to protect against?
• How much time, effort, and money are you willing
  to expand to obtain adequate protection?

9
Planning

• Security evaluation plan
• How to test?
• Identify system to be tested
• Limitations on that testing
  
• Evaluation done under a no-holds-barred
  approach.
• Clients should be aware of risks.
• Limit prior knowledge of test.

10
Footprinting

• Collecting as much information about the target
• DNS Servers
• IP Ranges
• Administrative Contacts
• Problems revealed by administrators
• Information Sources
• Search engines
• Forums
• Databases who is, ripe,
• Tools PING, who is, Trace route, DIG, ns
  lookup.

11
Enumeration Fingerprinting

• Specific targets determined
• Identification of Services / open ports
• Operating System Enumeration
• Methods
• Banner grabbing
• Responses to various protocol (ICMP TCP)
  commands
• Port / Service Scans TCP Connect, TCP SYN, TCP
  FIN, etc.
• Tools
• N map, F Scan, Firewall, net cat, telnet, SNMP
  Scanner

12
Identification of Vulnerabilities

• Vulnerabilities
• Insecure Configuration
• Weak passwords
• Unpatched vulnerabilities in services, Operating
  systems, applications
• Possible Vulnerabilities in Services, Operating
  Systems
• Insecure programming
• Weak Access Control

13
Identification of Vulnerabilities

• METHODS
• Unpatched / Possible Vulnerabilities Tools,
  Vulnerability information Websites
• Weak Passwords Default Passwords, Brute force,
  Social Engineering, Listening to Traffic
• Insecure Programming SQL Injection, Listening
  to Traffic
• Weak Access Control Using the Application
  Logic.

14
Example of Ethical Hacking

• One of the earliest examples of using ethical
  hackers occurred in the 1970's. At this time,
  the United States government utilized the
  knowledge and services of groups of experts,
  referred to as red teams. They enlisted these
  ethical hackers to hack into the United States
  government's computer system. The purpose was to
  evaluate how secure it was and to recognize any
  possible vulnerabilities. Ethical hacking is now
  a growing profession that is still used by the
  United States government, as well as technology
  companies and other corporations. Many large
  companies employ teams of ethical hackers to help
  keep their systems secure, such as IBM.

15
Attack Exploit the vulnerabilities

• Obtain as much information from the Target Asset
• Gaining Normal Access
• Escalation of privileges
• Obtaining access to other connected systems
• Last Ditch Effort Denial of Service

16
Attack Exploit the vulnerabilities

• Network Infrastructure Attacks
• Connecting to the network through modem
• Weaknesses in TCP / IP, NetBIOS
• Flooding the network to cause DOS
• Operating System Attacks
• Attacking Authentication Systems
• Exploiting Protocol Implementations
• Exploiting Insecure configuration
• Breaking File-System Security

17
Attack Exploit the vulnerabilities

• Application Specific Attacks
• Exploiting implementations of HTTP, SMTP
  protocols
• Gaining access to application Databases
• SQL Injection
• Spamming

18
Attack Exploit the vulnerabilities

• Exploits
• Free exploits from Hacker Websites
• Customised free exploits
• Internally Developed
• Tools Nessus, Metasploit Framework,

19
Final Report

• Collection of all discoveries made during
  evaluation.
• Specific advice on how to close the
  vulnerabilities.
• Testers techniques never revealed.
• Delivered directly to an officer of the client
  organization in hard-copy form.
• Steps to be followed by clients in future.

20
Ethical Hacking - Commandments

• Working Ethically
• Trustworthiness
• Misuse for personal gain
• Respecting Privacy
• Not Crashing the Systems

21
Contact us

• Cyber Fox Technology
• Address 3rd Floor, Lohia Towers, Nirmala Convent
  Road, Patmata
• Distt. Krishna , Vijayawada (India)
• Contact Email info_at_cyberfoxtechnology.org
• Mobile91-9652038194
• Website http//cyberfoxtechnology.org

22
(No Transcript)